ETDA สำนักงานพัฒนาธุรกรรมทางอิเล็กทรอนิกส์
Electronic Transactions Development Agency
Report
Search
Home > List all groups > List all tools > List all groups using tool SDBbot

Threat Group Cards: A Threat Actor Encyclopedia

Permanent link Tool: SDBbot

NamesSDBbot
CategoryMalware
TypeBackdoor, Loader, Info stealer, Tunneling
Description(Proofpoint) SDBbot is a new remote access Trojan (RAT) written in C++ that has been delivered by the Get2 downloader in recent TA505 campaigns. Its name is derived from the debugging log file (sdb.log.txt) and DLL name (BotDLL[.]dll) used in the initial analyzed sample. It also makes use of application shimming for persistence. SDBbot is composed of three pieces: an installer, a loader, and a RAT component.
Information<https://www.proofpoint.com/us/threat-insight/post/ta505-distributes-new-sdbbot-remote-access-trojan-get2-downloader>
<https://www.cyber.gov.au/acsc/view-all-content/alerts/sdbbot-targeting-health-sector>
MITRE ATT&CK<https://attack.mitre.org/software/S0461/>
Malpedia<https://malpedia.caad.fkie.fraunhofer.de/details/win.sdbbot>

Last change to this tool card: 30 December 2022

Download this tool card in JSON format

All groups using tool SDBbot

ChangedNameCountryObserved

APT groups

 TA505, Graceful Spider, Gold EvergreenRussia2006-Nov 2022X

1 group listed (1 APT, 0 other, 0 unknown)

Digital Service Security Center
Electronic Transactions Development Agency

Follow us on

Facebook Twitter

Report incidents

Telephone +66 (0)2-123-1227
E-mail [email protected]